Machete Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (135)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en114
ru10
zh4
de2
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA92
RU: Russia14
CA: Canada12
FR: France2
ES: Spain2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Machete7
Bashlite1
RagnarLocker1
Donot1
DPRK1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined54
Operating System12
Content Management System10
Web Browser8
Forum Software8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined40
Microsoft12
Apple6
Cisco4
PhotoPost4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows8
Mosets Tree4
Tuxera NTFS-3G2
Comcast MX011ANM2
Apple iOS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1WordPress Access Restriction user-new.php access control7.57.4$5k-$25k$0-$5kNot definedOfficial fix 0.044780.00CVE-2017-17091
2Apple iOS/iPadOS Kernel information disclosure4.84.7$5k-$25k$0-$5kAttackedOfficial fixverified0.377410.10CVE-2020-27950
3Joe Depasquale Bannermatic Ban File information disclosure5.35.3$0-$5k$0-$5kNot definedNot defined 0.002910.00CVE-2002-2342
4PhotoPost PHP Pro showproduct.php sql injection9.89.4$0-$5k$0-$5kNot definedOfficial fix 0.008610.00CVE-2004-0250
5Skrypty Ppa Gallery functions.inc.php memory corruption7.36.6$0-$5k$0-$5kProof-of-ConceptNot defined 0.028870.00CVE-2005-2199
6Lighthouse Development Squirrelcart cart_content.php file inclusion6.55.9$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.110990.08CVE-2006-2483
7Oracle GoldenGate denial of service7.57.4$5k-$25k$0-$5kNot definedOfficial fix 0.082820.02CVE-2021-3749
8Microsoft Windows Asynchronous RPC Request access control9.08.6$25k-$100k$5k-$25kNot definedOfficial fixpossible0.608700.00CVE-2013-3175
9vBulletin visitormessage.php code injection7.57.4$0-$5k$0-$5kHighUnavailable 0.139190.02CVE-2014-9463
10phpBB startup.php cross site scripting4.34.1$0-$5k$0-$5kNot definedOfficial fix 0.006300.00CVE-2015-1431
11libxml2 xml external entity reference8.58.4$0-$5k$0-$5kNot definedOfficial fix 0.003930.00CVE-2017-7375
12Linux Kernel ICMP Timestamp/Netmask information disclosure3.93.9$5k-$25kCalculatingNot definedNot defined 0.009330.06CVE-1999-0524
13Erlang OTP Client Authentication improper authentication8.07.9$0-$5k$0-$5kNot definedOfficial fix 0.001050.03CVE-2022-37026
14Qualcomm Snapdragon Connectivity/Snapdragon Mobile Hash Segment buffer overflow7.97.8$5k-$25k$0-$5kNot definedOfficial fix 0.000980.00CVE-2021-35110
15DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow9.08.9$0-$5k$0-$5kNot definedOfficial fixpossible0.631150.00CVE-2022-32548
16arekk uke finder.rb sql injection5.55.3$0-$5kCalculatingNot definedOfficial fix 0.000450.05CVE-2015-10014
17Microsoft Windows Kernel Streaming WOW Thunk Service Driver heap-based overflow7.87.1$25k-$100k$5k-$25kUnprovenOfficial fix 0.215830.00CVE-2024-38054
18Microsoft Edge4.34.2$25k-$100k$5k-$25kNot definedOfficial fix 0.002280.05CVE-2023-36026
19PHPizabi index.php path traversal6.55.7$0-$5k$0-$5kUnprovenUnavailable 0.023180.04CVE-2008-3723
20Pharmacy Sales and Inventory System manage_user.php sql injection6.36.1$0-$5k$0-$5kNot definedNot defined 0.002500.02CVE-2022-30407

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.207.44.72Machete03/31/2022verifiedLow
269.64.43.33falcon207.startdedicated.comMachete12/17/2020verifiedLow
3XXX.XX.XXX.XXxxx-xx-xxx-xx.xxx.xxxx.xxXxxxxxx12/17/2020verifiedVery Low
4XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxxXxxxxxx12/17/2020verifiedLow
5XXX.XX.XXX.XXXxxxxxx12/17/2020verifiedLow
6XXX.XX.X.XXXxxxxx.xx-xxx-xx-x.xxxXxxxxxx12/17/2020verifiedLow
7XXX.X.X.XXXxxxxxx.xxx.x.x.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxx12/17/2020verifiedVery Low
8XXX.XXX.XXX.XXXxxxxxx12/17/2020verifiedLow
9XXX.XX.XX.XXXxx-xxxxx-xxxx.xxxxxxxxxx.xxxXxxxxxx12/17/2020verifiedLow
10XXX.XXX.XXX.XXXxxxx.xxxxxxxxxxxxx.xxxxXxxxxxx12/17/2020verifiedLow

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (109)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/config.php?display=backuppredictiveHigh
2File/cgi-bin/wlogin.cgipredictiveHigh
3File/pharmacy-sales-and-inventory-system/manage_user.phppredictiveHigh
4File/proc/self/cwdpredictiveHigh
5File/Side.phppredictiveMedium
6File/textpattern/index.phppredictiveHigh
7Fileaccount.asppredictiveMedium
8Fileadmin.phppredictiveMedium
9FileadminAttachments.phppredictiveHigh
10FileadminBoards.phppredictiveHigh
11FileadminPolls.phppredictiveHigh
12Fileal_initialize.phppredictiveHigh
13Filease.phppredictiveLow
14Filebb_usage_stats.phppredictiveHigh
15Filexxxx_xxxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxxx.xxxpredictiveHigh
17Filexxxxxxxx_xxxxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxxxx.xxxpredictiveMedium
20Filexxxxxxxx.xxx.xxxpredictiveHigh
21Filexxxxx.xxxpredictiveMedium
22Filexxxxxxxxxxx.xxxxx.xxxpredictiveHigh
23Filexxxx_xxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxxx_xxx_xxxx.xxxpredictiveHigh
25Filexxxx.xxxpredictiveMedium
26Filexxxxxxxxxx.xxxpredictiveHigh
27Filexxxxxxxxx.xxxpredictiveHigh
28Filexxx/xxxxxxxxx.xxx.xxxpredictiveHigh
29Filexxxxxxxx/xxxxxxxxxxxx.xxx.xxxpredictiveHigh
30Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxxx.xxx?xx=xxxxxxxxxpredictiveHigh
33Filexxxx.xxxpredictiveMedium
34Filexxx/xxx/xxxxxx.xxpredictiveHigh
35Filexxx_xxxxxxxx.xxxpredictiveHigh
36Filexxx.xxxpredictiveLow
37Filexxxxxxxx.xxxpredictiveMedium
38Filexxxxxxx/xxx/xxxxx.xxxpredictiveHigh
39Filexxxxxx_xx.xxxpredictiveHigh
40Filexxxxxxxxx.xxx.xxxpredictiveHigh
41Filexxxxxxx.xxxpredictiveMedium
42Filexxxxxxxxxx.xxxpredictiveHigh
43Filexxxxxxxxxxxx_xxxxxxxx.xxx.xxxpredictiveHigh
44Filexxxxxxxxxx.xxxx.xxxpredictiveHigh
45Filexxxxxxx_xxxxxx_xxxxxxxxxx.xxxpredictiveHigh
46Filexxxxxxx_xxxxxx_xxxxxxxx.xxxpredictiveHigh
47Filexxxxxx.xxxpredictiveMedium
48Filexxxx.xxxpredictiveMedium
49Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
50Filexxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxxpredictiveHigh
51Filexxxxxxxxxxx.xxxpredictiveHigh
52Filexxxx_xxxxxxxx.xxx/xxxx_xxxx.xxxpredictiveHigh
53Filexxxxx/xxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
54Filexxxxxx.xxxpredictiveMedium
55Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
56Filexxxxxxx.xxxpredictiveMedium
57Filexxxxxxxxxxxxxx.xxxpredictiveHigh
58Filexx-xxxxx/xxxx-xxx.xxxpredictiveHigh
59Filexxxxxxxxxxxx.xxxpredictiveHigh
60Libraryxxxxxxxx-xx.xxxpredictiveHigh
61Libraryxxx xxxxxxxxxxpredictiveHigh
62Libraryxxxx.xxx.xxxpredictiveMedium
63Argumentxx/xxpredictiveLow
64ArgumentxxxxxxpredictiveLow
65ArgumentxxxxpredictiveLow
66ArgumentxxxxpredictiveLow
67Argumentxxxx_xxx_xxxxpredictiveHigh
68ArgumentxxxpredictiveLow
69Argumentxxx_xxpredictiveLow
70ArgumentxxxxxxxxxxxxxxxpredictiveHigh
71ArgumentxxxxxxxxxxpredictiveMedium
72Argumentxxxxxx[xxx_xxxx_xxxx]predictiveHigh
73ArgumentxxxxxxxpredictiveLow
74ArgumentxxxxxxxxpredictiveMedium
75ArgumentxxxxxxxxpredictiveMedium
76Argumentxx_xxxxx_xxpredictiveMedium
77Argumentxx_xxxxxxxpredictiveMedium
78ArgumentxxxxxxxxpredictiveMedium
79Argumentxxxx_xxpredictiveLow
80ArgumentxxxxxxxpredictiveLow
81Argumentxxxxxxxxxxxxxx[xxxxxxxxxxxxxxxxxx]predictiveHigh
82Argumentxxxx[xxxxxxx]predictiveHigh
83ArgumentxxpredictiveLow
84ArgumentxxxxxxxxxpredictiveMedium
85ArgumentxxxxpredictiveLow
86ArgumentxxxxxxpredictiveLow
87Argumentxxxx_xxxxpredictiveMedium
88ArgumentxxxxxxxpredictiveLow
89Argumentxxx_xxxx_xxxxpredictiveHigh
90Argumentxx_xxxxxxxxpredictiveMedium
91Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
92Argumentxxxxxxx_xxxxpredictiveMedium
93Argumentxxxxxx_xxxxxx[xxxxxx_xxxx]predictiveHigh
94ArgumentxxxxxpredictiveLow
95ArgumentxxxxpredictiveLow
96Argumentxxxx_xx_xx_xxxpredictiveHigh
97ArgumentxxxxxxxxxpredictiveMedium
98Argumentxxxxx_xxxx_xxxxpredictiveHigh
99ArgumentxxxxxpredictiveLow
100Argumentxxxxxxxxxx[x]predictiveHigh
101Argumentxx_xxxxpredictiveLow
102Argumentxxxxxx_xxxxpredictiveMedium
103ArgumentxxxxxpredictiveLow
104ArgumentxxxxxxxxxxpredictiveMedium
105ArgumentxxxxxxxxpredictiveMedium
106Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh
107Input Value\xxx../../../../xxx/xxxxxxpredictiveHigh
108Patternxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxpredictiveHigh
109Pattern|xx xx xx xx|predictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!